All my domains are under control of stargrave.org’s nameservers.
DNSSEC inherently sucks, at least because it is global-scale PKI, so it
is not secure against government-level adversary. That is why, my
nameservers use DNSCurve technology.
All my TLS certificates use
DANE, so their subject public key hashes are stored inside DNS TLSA
records. However all that certificates are also signed by my own
ca.cypherpunks.ru CA.
There are my authoritative DNSCurve PGP signed nameservers below. Of course the trust anchor is my PGP key.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 uz5nulnd504gp3s7sdmdl5l2gxc762hpw926t90k39ltxp67flbccn.ns5.stargrave.org. uz544mqwggqbf3z4utlhfqn45vpbpq78nc63hpg5u2ut29stkt0pkr.ns6.stargrave.org. -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEIpNVsPbb+nIRVbvGHh7ERWs1C6UFAmAVNVwACgkQHh7ERWs1 C6Uypw//Y0pv0TEL5EsKJ/WCj3KlPz9wsBX7l04qtLPPOfZOVTwtxeG97+4StXi/ QSk2TubOxYYA39V0fFG0YkN1GatN7HG1IaiUJraYlSzMDJXMLVOppDuquIA1GVgI dgV4agiF63gFqs4u72Ic9seTPx/t6GU0RyEOi9fquEmt8hccfa6QYLnCxU77k5Do QMIuOpOxDq4Gy6X2n7kPoRltAcCZRkPfuaTjjk7TsSS+r/hluMQWtqTNppj1h4tm WB7NpQOK6+OjznqymOO0v5vQ7y5ZVO572BoR4+dS03atZaZtXshXCkJLaiTK+HQ9 KCaIBOvlV+8x6WctOEoe0+A0wcIFlGvLJBVJVpjJwb9tf7ALD6zBb9jW2tvp4MX+ rT1x5YPX//l2wxoi2CQ020UJNcdQh6f7I0YPm6wZMKiCIwyAgR7HRUXR5xAbEyPE mB0d76HTtHrPqlRXyH7YdfbTV6/k1+0lUghtl37aFzhqnLayWxx7lvQBxfD8nfgu dptlVtcP8QzoEQ+GyGinmYjueUW8wfUvcOxCx+vAfx3eaUvS1VUAazSacbYgGK+H 6xMc86y7WAqTO51dYSbsdVGoTvU008iZFnwj21YHMB9ioMeRCu0HqSxfcimKeLC6 FhzFW8Ln/tweyaY8pOJzunG0ieMd1XazTPIEXH9ryNK7MW+GF/8= =o3kN -----END PGP SIGNATURE-----